An anonymous reader writes: Penetration testers are often viewed as professional versions of hackers, galavanting from conference to datacentre around the world popping systems left, right and centre. The truth is sometimes stranger than fiction. Raw Hex interviews John Carroll, a penetration tester in an internal bank. Interestingly, John was the first person to win a bugcrowd bug bounty and also talks about the incorrect perception of pentesters having access to some sort of black magic.Link to Original Source

I got some of those HA-FX67s for about Â£12 from a supermarket. I wasn't expecting much, but I think they're pretty darned good compared with the Sennheisers at a similar price point I've sworn by in the past. I mostly listen to rock and metal, and with a bit of scooped EQ, they sound pretty good. I suspect they'd work quite well for electronic/dance stuff too.

I picked up a pair of Goldring DR-150s for a bargain price of just under Â£30 a few years back; they're pretty good for at-home listening, but being open-backed are too anti-social to use whilst commuting etc.

The Sandy Bridge-E models are "enthusiast" CPUs, with the top version priced at $1000. Pretty sure the motivation here is that few enthusiasts use the stock cooler, so they figured they could omit it from expensive enthusiast-only CPUs without anybody raising much of a fuss. The money customers spend on a separate HSF is almost certainly going to go to companies like Thermaltake who build overclocker-style HSFs, not Intel.

I agree; that sounds like the most likely explanation, combined with a bit of obscuring inflation (in the same way food manufacturers are cutting package sizes/weights rather than increasing prices).

Incidentally, I've always used the stock Intel cooler that comes with their boxed CPUs and found them to be reliable and to cool the CPU completely adequately, even in a non-air-conditioned domestic environment. The only things that would drive me to third-party heatsinks would be if I wanted to overclock (I don't - I prefer a machine that I can rely upon to perform to specification at all times) or if I was building a completely silent/fanless machine (even my MythTV box has at least four fans in it, which I really don't notice, given the solidity of the Antec case).

Emulation would have disadvantages compared with teaching on the actual hardware, but it also has advantages too; it's almost trivial for an emulator to provide In Circuit Emulation-like features, such as being able to snoop on IO, CPU register contents, pause execution etc. Back in the day, devices like the Multiface were the closest thing most people had to debug at the very lowest levels (though some of the POKEs hackers had access to rather more advanced semi-custom built kit).

Since 1972, we've developed the technology to be able to build autonomous robots to do our exploring for us and sent them to Mars and other bodies in the solar system, which is both cheaper and safer than sending fragile humans.

At least, that's what I tell myself to avoid feeling the doubt in progress that you apparently do.:-)

How does the GPL help you gain access to the (trade secret, unpublished) source code for a proprietary application so you can fix a bug or enhance it?

By spotting that they've linked against or included GPL-licensed code, forcing them to stop distributing their binaries, re-write using GPL-free code, or release their own source code. Or, simply by setting an example and creating a community that they feel like contributing to and working with.

I don't propose to solve the issue of proprietary source, just that the Open Source/Free Software movement would still be known as the Public Domain movement if our laws weren't so screwed.

Sure, but by focussing on fair-use of binaries and eliminating copyright protection of GPL and similar licenses makes it possible for proprietary creators to incorporate GPLed code with impunity (which in turn will probably erode the community that developers Free software), whilst not enabling users of proprietary binaries to obtain the source for the applications they use and make use of them in the ways they wish. In other words, it'll make the current situation worse not better. Thankfully, PPUK leadership seem to understand this, these days, but it doesn't stop some of their supporters focussing solely on getting their warez without the risk of prosecution.

How do "realistic fair use" provisions in copyright law and practice help you gain access to the (trade secret, unpublished) source code for a proprietary application so you can fix a bug or enhance it?

The affected government minister said that the website was accessed 3,727 times, and that this is 'akin to a single attempt to turn the doorknob of an insecure office and kindly accept the 3,727 highly confidential documents that the receptionist hands to you.'

There, fixed that for you, Mr. Minister.

There, fixed that for you.

Having RTFA, I fixed that for you. Doesn't look like there was any brute-forcing of the URL involved, just surfing around retrieving pages and images.

Posted
by
Soulskillon Saturday January 23, 2010 @11:32AM
from the more-and-better dept.

ruphus13 writes "Nmap has a new release out, and it's a major one. It includes a GUI front-end called Zenmap, and, according to the post, 'Network admins will no doubt be excited to learn that Nmap is now ready to identify Snow Leopard systems, Android Linux smartphones, and Chumbies, among other OSes that Nmap can now identify. This release also brings an additional 31 Nmap Scripting Engine scripts, bringing the total collection up to 80 pre-written scripts for Nmap. The scripts include X11 access checks to see if X.org on a system allows remote access, a script to retrieve and print an SSL certificate, and a script designed to see whether a host is serving malware. Nmap also comes with netcat and Ndiff. Source code and binaries are available from the Nmap site, including RPMs for x86 and x86_64 systems, and binaries for Windows and Mac OS X. '"

The 'discreet structures with graph theory' course sounds like it'll be more use for things like systems programming, databases, compilers and the like, whilst the other sounds like it'll be more use if you want to go into graphics or scientific programming.

To me, the term 'rip off' implies some kind of intentional deceit. From reading the article, it appears that BB's "optimization technicians" are simply incompetent and unaware of it. Now that BB have been made aware of the poor results of their "optimization", I would hope they would withdraw the service and sell remaining pre-optimized stock without the optimization premium. To continue to do otherwise would indeed be a "rip off".

To "purchase" a product with the intent from the outset of using it to fulfil some short-term need then returning it is "ripping off" the vendor (unless they're naïve/customer-focussed enough to allow 'free trials' and evaluation periods).